Windows 10 is finally within spitting distance of being the most popular version of Microsoft’s OS, and yet at this moment of apparent triumph, some security professionals are not satisfied.

The evidence emerges in a survey of admins by the patchmanagement.org listserv, which uncovered a rich seam of unhappiness at the state of recent Windows updates, especially for Windows 10.

In her open letter to Microsoft, patchmanagement.org moderator and Microsoft Most Valuable Professional (MVP) Susan Bradley, doesn’t sugar coat it:

The quality of updates released in the month of July, in particular, has placed customers in a quandary: install updates and face issues with applications, or don’t install updates and leave machines subject to attack.

Forty-seven bulletins with issues sounds like a lot. Asking users of patchmanagement.org to rate how satisfied they were with quality of Windows 10 updates, 64% said they were either ‘not satisfied’ of ‘very much not satisfied’.

The feature updates that have become a defining part of the Windows 10 strategy come in for particular flak, both in terms of their overall business benefit and unhelpful regularity.

In Bradley’s view, the fault lies with the Windows 10 Insider Program, the channel through which developers and enthusiasts test new versions to spot problems before software is let loose on everyone else.

This was an informal survey from a possibly self-selecting group of respondents, so let’s proceed with that caveat in mind. Assuming the survey is an accurate reflection of the attitude of at least some security professionals – what, if anything, might be going wrong?

One possibility is that three years after launch, Microsoft is starting to struggle with Windows 10’s more complex patching, updating and testing schedule.

Clearly, the days where Microsoft could just post updates and a grateful user base would download them are over.

Or perhaps it’s more frightening than that and it’s not that Microsoft isn’t doing a good job but that nobody could – updating an operating system smoothly across hundreds of millions of computers has become too complex. You will never satisfy everyone and the people who are dissatisfied are likely to seek out others of their kind.

In the nick of time, Microsoft is reportedly looking to launch a Windows desktop-as-a-service called Microsoft Managed Desktop (MMD), under which the company will manage the whole Windows installation, including updating, for a fee.

It’s possible that this might one day be offered to consumers which would mean that Windows will have come full circle.

In the old days, users installed Windows on their computers from diskettes. As the years passed, Microsoft started helping them out with security and feature updates across the internet, which now include major feature upgrades too. Spot the pattern? The logical end is Microsoft does it all and Windows becomes the service that Microsoft perhaps secretly wants it to be anyway.

If this happens we will have reached the moment when everyone accepts that full-service operating systems such as Windows have become too tricky for ordinary mortals to look after.

Some might raise their glass to salute the irony of this – for Windows at least, the computer will have stopped being truly personal.

According to latest data from Microsoft, still just over 40% of users have W10, meaning that almost 60% do not. Many who don’t still prefer W7 with it’s ability to control when updates are downloaded and installed. Some still use W8 or W8.1 (like me) largely because of the way Microsoft are forcing the W10 updates on people. Yes, it is important to update the OS when such are available but that should be possible when it is convenient to the users and not whe Microsoft decide. I have always set my systems to inform me when updates are available so that I can download and install at a time that is convenient to my work schedule and not be interrupted by such downloads whilst in the middle of critical tasks. Because W10 forces it upon users, I am highly resistant to W10. Further, there are many aspect I do not like. I use Classic Start instead of the awkward display Microsoft offer, I prefer a proper menu and not a plethora of icons, most of which are useless to me.
W10 has a long way to go yet before it is likely to become the majority OS.

a platform that fails even more at security patching, quality initial releases, and has an even tighter grip over the product, aiming to one day turn it into a completely closed system. good luck with that.

Yes, THAT!
I called Windows 8 “Windows HATE” due to the hideous ‘Modern’ nee ‘Metro’ UI, which seems to idicate their plan is to make all Windows instlls look like their failed Windows Phone or XBOX UI. They retained it in ‘Hate point one’, and it’s still present in Win10 (which they went to instead of Windows 9.0 because… I don’t know, OS X?)

It’s SO ugly, SO uncontrollable, SO leaky with my data, that I just won’t run it anymore. Literally everything is one step forward and two steps back for them since at LEAST 2012, but in my opinion 2006. I run Mac and Linux exclusively now, and GOODBYE Windows. They force me to use it at work, and I consequently continually marvel at how BAD, unreliable, bloated, and slow the base OS and their office suite have gotten. People PAY for this? I would never CHOOSE this, it’s inflicted on me against my will by my employer. It’s literally quicker to learn a new OS and OpenOffice\LibreOffice suite than to endure the continual time-suck that is this mess.

I have done the same and returned to Mac, after a hiatus of 15 years with Windows. Windows 7 wooed me away and, I’m ashamed to admit it took me more years than I like, beating my head against the versions of Windows that came after 7, before I gave up and went back to Mac. However, as an IT consultant, I still spend a significant amount of my time in the WWW (Woeful World of Windows) and cannot see Windows 10 and the way Microsoft have changed their approach to updating as a good thing.

One thing I have discovered with Apple’s flagship computer OS is that it appears to have sadly become the uncool old relative, of iOS, that nobody at Apple wants to hang out with any more.

I am one of those “security professionals” completely unsatisfied with Windows updates. Susan sugarcoated the issues through which we’ve been suffering for over a year. In June 2017 Office updates permanently broke Outlook 2010’s indexing, forcing me to perform a combination of upgrading users to 2013 or re-create the Outlook profiles of about 100 users. In Janurary, Spectre/MD patches were a disaster. At least we didn’t have any AMD machines, which had their updates revoked, reissued, and reissued a 3rd time before getting it right. That took almost 2 months. There were still lingering Spectre/MD patch issues heading into this summer.

I have always kept us 1 month behind on updates because traditionally it always took a full 30 days for MS to work out the bugs- ie I’d approve July’s updates when August’s were released- but I have us 4 months behind because of the state of patching.

In the last year:
There were bugs introduced in Feb that STILL EXIST for Windows 7 3+ revisions later.
Updates deleted virtual network adapters for ESX VMs taking them offline
Updates deleted Windows 7 and Server 2008r2 network adapters, requiring touching all affected PCs manually as the official fix.
Serious bugs in Cumulative Updates (which are classified as Security Updates) whose fixes were only available via non-security updates (meaning they weren’t approved by many businesses that, like mine, only apply Security Updates.)
Outlook’s indexing was broken for 2012 and 2013. 3 revisions and 5 weeks later and 2013 was finally fixed. 2010 users all required new profiles.

The past year has been an absolute disaster for sys/endpoint admins responsible for Windows patching.

It’s tough enough as security admins to get everyone onboard with a regular maintenance window for patching, but to have Microsoft fail miserably on the QA aspect now makes even tougher to convince our admins they need to update on a regular basis. MS is doing a real disservice to the security community with their lack of QA.

I admit that I held out with XP way beyond the end-of-life and then jumped directly to Windows 10 and Office 2016-64 on the last day of the free downloads. Things work generally the same–you just have to learn the new places they are located and the new keyboard shortcuts.

I have no problem with the timing of Windows updates, although their scheme for saving open files is pretty stupid. Most of my files are in Documents or folders within it. But the saved files during Updates reboots go in
C:\Users\Larry\AppData\Roaming\Microsoft\{Excel|PowerPoint|Word}
which they never tell you, nor do they give you a shortcut for it. And the scheme they give you for figuring out what to keep when you open an office app is confusing and useless. You have to install their compare utility to see if you really need to restore their “Roaming” copy or not. This was obviously never tested with real users.

Another annoyance is that they keep adding new little features of less and less utility, but larger and larger disk footprint. This is bloatware I don’t need.

BUT THIS IS NOT THE REAL PROBLEM WITH WINDOWS UPDATES. The real problem is something that wasn’t done with previous versions. When Windows 10 gets a major update (like Creator’s Edition), they do a new driver scan and replace working drivers with drivers that some programmer “thinks” might be better. When I first installed Windows 10, I had to look for a working driver for my (relatively new) Samsung laser printer. I wound up having to modify the Win 8 driver, since the Win 10 driver did not work correctly. I had to search for an extended time to find a driver for my “Trackpoint” mouse because the Microsoft substitute could not scroll with precision. And of course I have some older software in which the help files were written for WinHlp. Do you think Windows 10 supports it? Or supports a limited form that avoids the vulnerability? No! Microsoft has decided that I no longer can decide what applications run on my computer and won’t allow you to run even the crippled form of WinHlp–unless you trick the Windows 8 version into installing on Windows 10.

And then the first major update came along and wiped out the changes. That was when I learned to keep all the driver install code/data. Now it’s only 20-30 minutes on each computer to restore a crippled WinHlp and the printer and pointing device drivers after each update.

At least I thought that was all the problems. Then Version 1803 was issued. It clobbered WinHlp and the drivers mentioned above AND the video driver. Certain images render incorrectly in PowerPoint and Adobe Reader. The upper-left region is correct but the lower-right region renders as an image of the upper left area folded across the image’s diagonal. Apparently someone at Microsoft thought it was a good idea to make some shortcut in the image rendering code and never bothered to test it. This occurs on all laptops with the Intel 945 Mobile Express chipset–millions of them. The internet is full of discussion on this. The most recent Intel driver was issued in 2009, Microsoft is unresponsive and apparently the only solution will be to scour the internet (including shady “driver download” sites) for the 2007 Intel video driver. And to add that to the stash of drivers to be replaced at each update.

Laurence, thank you so much for this honest and informative reply, however I noticed a few things of interest – 1st, like me and millions of other users you thought WP was the rock solid “283” of Windows OS. Your mistake was not test driving the “327” version, Windows 7 before driving the XP to the scrap yard.

2nd, you could still be helping others keep Windows 7 alve and working. I will never, never, never buy another new Windows 10 machine until the day I die – I’m saving up my money to buy refurbished Apple products. The April Windows 10 update left me bloody, bruised and ravaged, a new member of the “Me Too” movement. I truly believe Harvey Weinstein is the creator of Windows 10.

I sense the only reason you were so kind to Microsoft is because unlike the other 90% of Windows users you are skilled enough to fix their mistakes.

“Once upon a time in a galaxy far, far away”, Firefox was the next best thing to XP. Unfortunately for the users the add-ons were the lifeblood of their OS, and new Admin staff on LSD hired a new development staff on crystal meth who wrecked all the Firefox apps in the interest of “Change for the sake of change”.

That was somewhere around version 1.4 maybe, I forget… The independent Firefox app writers tried to rewrite their app code for a while and then gave up. There were those of us who fought back, and kept installing bootleg versions of the original “stable” versions of Firefox 1.whatever, and bootleg versions of the apps, and even bootleg versions of the vintage Adobe flas apps.

We all finally gave up too and walked away from Firefox never to return… We left Firefox to the Millenials who didn’t have a reference point and didn’t know any better.

Laurence, I hope you respond: I would enjoy bantering with you – I might learn a bit.

Mr. Dunn, Ill understand if you don’t respond – be it known I left many things of interest out.

If MS can’t manage to put out patches that don’t break a ton of things, how is them managing the entire desktop going to help? It just means that the entire OS will fall over and blow up like Office 365 does at times, but bigger and without any ability for the user to avoid or fix it.

Microsoft please leave Windows 10 alone. There are some of us who use the machine for business and want it to work, nothing else, silly graphics and gaming apps we do not want just a stable system that works. One of my machines, a slow netbook, spent nearly a day “downloading” a build update, then overnight to install it only to crash on first operation. Luckily reversion to the previous build worked. Previous “updates” have lost administrator accounts, crashed the machine and so on. As long as it works and is secure, that’s all we want.

I love the idea of the OS as a service model. Better for business!! Now when the OS gets hacked or causes adverse issues with applications Microsoft will be financially responsible for the damages. The other bright spot is that this will finally push Linux into the desktop world.

I wish that wasn’t the brightest side I saw. Of course people aren’t going to take a risk on an OS when the alternative is already paid for – but if you ask people to pay monthly, that reduces the risk of switching significantly… unless Microsoft owns the hardware and alternative become a pain to find…

Mr. Dunn, I think you’re already on the wrong side of history with your original premise… I know you meant well but the author you quoted laid down an unstable foundation for you to build upon.

Case in point: Market shares of an unsupported canceled product vs the love child of a $16.5 billion dollar near-monopoly marketplace giant has nothing to do with user popularity – consider me unconvinced.

The mere fact that Windows 10 is passing Windows 7 in the race is due to sabotage by the Windows pit crew. I’m too tired to fully develop the analogy tonight but I think you catch my drift. BTW, I like your work in general lol….

I recently bought a new computer running Windows 10, after having used Windows 2000 since 2001.
I am very disappointed with Win 10: Not only does the program forbid me root access to correct serious operational flaws, but it refuses to run many of my software programs: I only use it offline, so security is not the reason for this spiteful behavior. Also, it seems almost impossible to find existing solutions in the over-published Windows 10 help system.
If I could run Seagate “Backup Plus” in Windows 2000, I would delete Win 10 and replace it with Win2k.

How about tech companies stop pandering to the bells and whistles mentality of pubescent techs and spend a while making their software more reliable, faster, safer and easier to use? Tech companies seem to be addicted to hitting that big reveal “wow!” moment at their conferences. All designed to drive sales and revenue (which, within reasonable limits, is understandable). Why don’t they just take a chill pill and for once say… “Hey, we’re not adding any more bells and whistles in this one! We’ve spent all our time making it run more reliably, safely, faster and easier to use!” Watch the geeks bottom lips quivering while the rest of the world breathes a sigh of relief.

Using technology, these days, is becoming more and more like being in a co-dependent abusive relationship. The tech companies know we cannot live without what the technology does for us and they’re desperate to cling on to us to bleed us of our cash. And yet, they’re all too keen to see how far they can push us, with increasingly buggy software, before we break and switch to yet another tech company stuck in the same abusive relationship trap.

I have had major issues with the cumulative updates for Windows 10. To the point that I no longer keep anything on my computer that I am not prepared to completely lose because two or three times after the updates I have had to reinstall the operating system from my recovery disk because the system refused to boot. To say that I do not trust Windows update is a gross understatement.

I prefer the simple things when it comes to a GUI on an OS. Working in the IT world I need things to be quick to locate and easy to execute. No having to go through 3 different setting menus to get to this or that. Or struggling to remember which setting menu a specific setting is in because its an “advanced” feature and not carried across all the setting menus. All the pretty little extras are just noise to me and I wish there was a way to turn it all off in the OS itself.

Disappointing that for older programs running on W10 after each major feature update I generally have to reinstall the older programs.

I was all for windows starting with XP and through 7 but as soon as W8 came it all changed. I tried it and even today still hate it and the Metro style of start menus. Especially having to have a Microsoft associated ID as the preferred method of adding a user. That’s so stupid. As an organization that can not rely on Cloud Hosted solutions due to sensitive data it again is an extra that is not needed.

Personally I made the switch to Mac 5 years ago and have not looked back at home. But work is another story.

Well, I had a thing or two to say here, but it looks like you guys have all beat me to it. I used to be majorly pro-Microsoft, but this has changed over, well, I suppose it’s been about a decade now! User interface / GUI modifications that make things less-user friendly, and quality control that feels non-existent. Release an update, wait for users to complain, then try to fix it. Please – no. Microsoft still do some stuff right, otherwise I wouldn’t still be in the job I’m in. But, wow – supporting Microsoft products is a whole lot harder than it ever used to be!!

Saying they are doing a good job is just plain wrong. They got rid of most of their QA teams and expect end users to fully test these releases. This causes large issues once the patch is moved into an enterprise environment (especially when it is forced upon you) since the patches generally have not been tested in these types of environments. The entire month of July was a pitched battle with MS and their updates trying to overwrite fixes we had to manually create for broken Windows features.

Another security admin here. Windows patching is absolutely horrible (alongside the really bad interface) and one of the main reasons most of our enterprise is still on Windows 7. We have Windows 10 here and there and the experience has been utterly negative. Windows 10 is the most buggy and unreliable operating system I have had to ever deal with.

Forced updates often even ignore the set preferences. For example, we have a bunch of specialty machines that are not domain joined. Self-service kiosks and such. Not only did they upgrade to Windows 10 by themselves despite being set not to upgrade. They have also installed Windows feature updates despite feature updates being deferred. This has caused a lot of troubles for the IT department as these machines have all kinds of special equipment connected that need special drivers. The last spring update again came to those machines out of the blue, replacing all the drivers with some crap generic ones which meant that most of the peripherals like touch screen, rfid readers and so on quit working. The forced driver updates are absolutely moronic.
The quality of the updates has gone straight downhill. Many of the issues have been pointed out above already. There have been many more. What’s worse is that updates are monolithic. If something brakes there’s no way to isolate that single problem but one needs to remove the full big monthly patch.
The method how feature updates are installed is also problematic. There’s plethora of specialty software that generates a computer ID when activated for license management. Every time the big feature updates come out, there’s a need to deactivate and then reactivate all that software so they would not loose the license. It’s a lot of extra work. And when you forgot or Windows 10 just decides to upgrade by itself then there’s lots of problems. Usually the licenses are lost which in turn means that we have to beg the developers for the reinstatement of the licenses. It’s more work, expenses and lost productivity.

“Forced updates often even ignore the set preferences.” Yeah +1 for that! Every update means I have to reset my preferred apps, as they default back to the Windows 10 “apps” (such as the photo viewer app), which are buggy as hell and contain less functionality than the much older “Windows Photo Viewer”, for example. One of many settings that I lose every time they force anything more than minor security patches.

I never really cared for anything from MS and remember installing MSDOS and later Windows [which at the time ran on top of of MSDOS] from floppy disks. I remember each painful reiteration of Windows eventually we had Windows95 and did not need MSDOS (which rarely ever crashed) was just a pain to have to install MSDOS and config drivers and all and than install Windows on top of it. Once we had Windows95 it became common to have lockups and crashes continuing into Windows98[seemingly more hobby OSes] and WindowsME. Once MS decided to develop and release WindowsNT[focused to business] we started to slowly have stability though it took years and WindowsNT became more stable with each version, well for a while that was [stability started to go downhill as bloat increased with Windows Vista]. Personally I liked Windows2000 [NT] Professional and especially WindowsXp [NT]. Ironically MS actually had a rather stable OS with WindowsXp and in-spite of wide acceptance facing outrage MS blow it reinventing the wheel with Windows Vista which as bad as it was MS did not force that down customer’s throats. By the time we got to Windows8 [NT] Windows was very bloated filled with junk and a UI [User Interface] most people hated and the controversy about MS spying on users. By the time we get to Windows10 [NT] we have an OS that has artifacts from previous versions that do not even apply such as group policies from previous version, we have a thrown together mess in a failed attempt to merge menus from previous versions of Window with the new Windows menus, acknowledged MS spying that you can only lesson through paying more to get other versions [up to enterprise], users have little to no control over patches in Win10 depending on the version [aside from that set with group policies if on a corp network], also starting with Win7 we have an OS that must regularly call home to re-license itself else it becomes a paperweight. With Widows10Enterprise customers were given more control over patching, but eventually MS revoked that through patches. Even though I never liked MS, I used their products up until I [as many others users] was forced off WindowsXp. From that point on I have continued to stay with Linux, to some degree Apple OSX, and various versions of UNIX and never regretted that decision. I am surprised up until this point no one exploited that re-license need for Windows to call home; could possible be a nasty DoS attack especially with Win10 being forced on many customers even MS sneaking it through as a patch.